Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms?

Multifactor authentication (MFA) is a critical countermeasure for mitigating the risk of stolen credentials in cloud-based platforms. It enhances security by requiring users to present multiple forms of verification before being granted access to their accounts. Typically, MFA combines something the user knows (like a password), something the user has (such as a smartphone or hardware token), and sometimes something the user is (biometric data).

This layered approach makes it significantly more difficult for unauthorized individuals to gain access, as simply obtaining a single credential (like a password) is not enough. Even if an attacker manages to steal a user's password, they would still need the additional factor—such as a one-time code sent to the user’s device—to successfully log in. This added level of security is particularly vital in cloud environments, where the potential for remote access makes stolen credentials a prevalent threat.

In contrast, other options do not directly address the authentication process in the same way. Key management focuses on the secure generation, distribution, storage, and disposal of cryptographic keys; data sanitization pertains to the proper disposal of data to prevent unauthorized access to sensitive information; and host lockdown involves securing a specific machine against unauthorized changes. While these measures contribute to overall security, they do